Redirected Links, Virtumonde, Trojans


This topic is locked
15 replies to this topic

#1 kiki_ferret

Posted 08 December 2008 - 11:00 PM

I tried cleaning out my computer as much as possible using some directions I found on another forum, but there still seems to be a lot of mess in here and I keep getting redirected with links from Google. So although Spybot Search and Destroy comes up clean I know there's stuff still wrong. I thought coming to this forum would help me since everyone seems so nice and informative >_< Thank you!

****** RSIT LOG *******
Logfile of random's system information tool 1.04 (written by random/random)
Run by Akari at 2008-12-08 17:51:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (20%) free of 71 GB
Total RAM: 3071 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:10 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1134461873\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Akari\Desktop\RSIT.exe
C:\Program Files\trend micro\Akari.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134461873\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228534338671
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kogmen.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6847 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"HostManager"=C:\Program Files\Common Files\AOL\1134461873\ee\AOLSoftware.exe [2006-04-20 50792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kogmen.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\World of Warcraft\WoW-1.5.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1134461873\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1134461873\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:xchat"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1134461873\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1134461873\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6149d74f-dab0-11d9-a5bd-806d6172696f}]
shell\AutoRun\command - D:\ASUSACPI.exe


======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-08 17:51:51 ----D---- C:\rsit
2008-12-08 17:51:51 ----D---- C:\Program Files\trend micro
2008-12-05 18:59:29 ----SHD---- C:\RECYCLER
2008-12-05 18:54:50 ----A---- C:\ComboFix.txt
2008-12-05 18:47:44 ----A---- C:\Boot.bak
2008-12-05 18:47:39 ----RASHD---- C:\cmdcons
2008-12-05 18:46:49 ----A---- C:\WINDOWS\zip.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\VFIND.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\SWSC.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\SWREG.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\sed.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\grep.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\fdsv.exe
2008-12-05 18:46:01 ----D---- C:\WINDOWS\ERDNT
2008-12-05 18:46:01 ----D---- C:\Qoobox
2008-12-05 18:34:11 ----D---- C:\Documents and Settings\Akari\Application Data\Malwarebytes
2008-12-05 18:34:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 18:34:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 18:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-05 18:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-05 18:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-05 18:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-05 18:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-05 18:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-05 18:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-05 18:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-05 18:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-05 18:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-05 18:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-05 18:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-05 18:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-05 18:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-05 18:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-05 18:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-05 18:10:36 ----D---- C:\WINDOWS\ie7updates
2008-12-05 18:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-05 18:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-05 18:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-05 18:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-05 18:09:45 ----SHD---- C:\Config.Msi
2008-12-05 18:01:01 ----D---- C:\WINDOWS\Prefetch
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\scripting
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\en
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\bits
2008-12-05 17:57:17 ----D---- C:\WINDOWS\l2schemas
2008-12-05 17:56:11 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-05 17:53:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-05 17:32:59 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-05 17:32:59 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-05 17:32:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-04 23:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 23:47:18 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-04 23:47:18 ----D---- C:\Documents and Settings\Akari\Application Data\SUPERAntiSpyware.com
2008-12-04 23:38:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\java.exe
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-04 22:31:17 ----D---- C:\Program Files\IObit
2008-12-04 22:25:38 ----D---- C:\Program Files\CCleaner
2008-12-03 23:35:15 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 23:29:07 ----A---- C:\WINDOWS\system32\sqkajzupsg.dll-uninst.exe
2008-12-03 23:18:29 ----A---- C:\WINDOWS\system32\7b271396-.txt
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\VC
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\uv9
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\ki3
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\bin
2008-12-03 23:13:12 ----D---- C:\Temp

======List of files/folders modified in the last 1 months======

2008-12-08 17:51:51 ----RD---- C:\Program Files
2008-12-08 14:58:37 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-08 14:45:55 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 14:24:25 ----D---- C:\WINDOWS\Temp
2008-12-07 19:02:35 ----SHD---- C:\WINDOWS\Installer
2008-12-05 20:13:17 ----D---- C:\Documents and Settings\Akari\Application Data\Skype
2008-12-05 20:09:07 ----SHD---- C:\System Volume Information
2008-12-05 20:09:07 ----D---- C:\WINDOWS\system32\Restore
2008-12-05 20:08:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 20:08:07 ----D---- C:\WINDOWS
2008-12-05 19:49:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 19:43:34 ----HD---- C:\WINDOWS\inf
2008-12-05 18:59:29 ----D---- C:\WINDOWS\Debug
2008-12-05 18:54:53 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 18:54:53 ----D---- C:\WINDOWS\system32
2008-12-05 18:52:22 ----A---- C:\WINDOWS\system.ini
2008-12-05 18:50:28 ----D---- C:\WINDOWS\system32\config
2008-12-05 18:50:11 ----D---- C:\Program Files\Common Files
2008-12-05 18:49:59 ----D---- C:\WINDOWS\AppPatch
2008-12-05 18:47:44 ----RASH---- C:\boot.ini
2008-12-05 18:36:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-05 18:14:41 ----D---- C:\Program Files\Internet Explorer
2008-12-05 18:13:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-05 18:12:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-05 18:11:06 ----D---- C:\WINDOWS\WinSxS
2008-12-05 18:10:46 ----D---- C:\Program Files\Messenger
2008-12-05 18:10:29 ----D---- C:\WINDOWS\Registration
2008-12-05 18:10:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-05 18:09:55 ----RSD---- C:\WINDOWS\assembly
2008-12-05 18:00:38 ----D---- C:\WINDOWS\system32\Setup
2008-12-05 18:00:38 ----D---- C:\Program Files\Windows Media Player
2008-12-05 18:00:37 ----D---- C:\WINDOWS\system32\wbem
2008-12-05 18:00:36 ----RSD---- C:\WINDOWS\Fonts
2008-12-05 17:59:33 ----D---- C:\WINDOWS\security
2008-12-05 17:58:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-05 17:57:22 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-05 17:57:22 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 17:57:22 ----D---- C:\WINDOWS\ime
2008-12-05 17:57:22 ----D---- C:\WINDOWS\Help
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\usmt
2008-12-05 17:57:17 ----D---- C:\WINDOWS\PeerNet
2008-12-05 17:57:17 ----D---- C:\Program Files\Movie Maker
2008-12-05 17:56:07 ----D---- C:\WINDOWS\system32\npp
2008-12-05 17:56:07 ----D---- C:\WINDOWS\mui
2008-12-05 17:56:06 ----D---- C:\WINDOWS\srchasst
2008-12-05 17:56:06 ----D---- C:\WINDOWS\msagent
2008-12-05 17:56:04 ----D---- C:\Program Files\NetMeeting
2008-12-05 17:56:03 ----D---- C:\WINDOWS\system32\Com
2008-12-05 17:56:02 ----D---- C:\Program Files\Windows NT
2008-12-05 17:56:02 ----D---- C:\Program Files\Outlook Express
2008-12-05 17:56:00 ----D---- C:\Program Files\Common Files\System
2008-12-05 17:55:50 ----D---- C:\WINDOWS\system32\oobe
2008-12-05 17:55:49 ----D---- C:\WINDOWS\system
2008-12-05 17:53:08 ----D---- C:\WINDOWS\ehome
2008-12-05 17:40:41 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-05 17:32:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-04 23:46:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-04 23:09:54 ----D---- C:\Documents and Settings
2008-12-04 23:06:05 ----D---- C:\Program Files\TrojanHunter 4.6
2008-12-04 22:56:15 ----A---- C:\WINDOWS\win.ini
2008-12-04 22:54:34 ----D---- C:\Program Files\Java
2008-12-04 22:26:08 ----D---- C:\WINDOWS\Minidump
2008-12-04 00:06:55 ----SD---- C:\WINDOWS\Tasks
2008-12-03 23:45:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 09:31:30 ----D---- C:\Documents and Settings\Akari\Application Data\Uniblue
2008-11-20 00:11:54 ----SD---- C:\Documents and Settings\Akari\Application Data\Microsoft
2008-11-16 14:25:35 ----D---- C:\Documents and Settings\Akari\Application Data\gtk-2.0
2008-11-13 19:44:17 ----D---- C:\Program Files\World of Warcraft
2008-11-11 21:21:39 ----D---- C:\Documents and Settings\Akari\Application Data\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081207.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081207.005\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-18 189568]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-09-12 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-09-12 71488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-01-29 68096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]

-----------------EOF-----------------

****** RSIT INFO *******

info.txt logfile of random's system information tool 1.04 2008-12-08 17:52:11

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BeTrapped!-->C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\uninst.exe
bodybugg®-->MsiExec.exe /X{F64C5BEF-42BE-4FE1-9160-2DB2E087C22C}
Cave Story Deluxe-->C:\Program Files\Cave Story Deluxe\Uninstal.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DVD Region+CSS Free 5.9.5.2-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 2.9.6.5-->"C:\Program Files\DVDFab Decrypter\unins000.exe"
EuroTalk Talk Now Plus!-->C:\PROGRA~1\EuroTalk\TALKNO~1\UNWISE.EXE C:\PROGRA~1\EuroTalk\TALKNO~1\INSTALL.LOG
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
Harry Potter and the Goblet of Fire™-->C:\Program Files\Electronic Arts\Harry Potter and the Goblet of Fire\EAUninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 3600 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3600 series
Inspector Parker-->C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\uninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MasterCook 7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F457DDF-B768-434C-8802-9BB3B383B1E8}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mirar-->mshta.exe http://remove.getmirar.com/
Mozilla Firefox (2.0.0.18)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Myst III: Exile-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}\setup.exe"
Myst Masterpiece Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}\setup.exe"
Myst Uru - Complete Chronicles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BA7792-853B-45A3-A29F-539C0D7A2A62}\setup.exe" -l0x9
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pidgin 2.0.0 (remove only)-->C:\Program Files\Pidgin\pidgin-uninst.exe
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Realms of Illusion-->"C:\Program Files\The Adventure Company\Realms of Illusion\Uninstall.exe" "C:\Program Files\The Adventure Company\Realms of Illusion\install.log"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Riven-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9577427-2D9D-4580-BDB3-FFDDE06A9554}\setup.exe"
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Search Assistant Mysidesearch-->C:\WINDOWS\system32\sqkajzupsg.dll-uninst.exe
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SimCity 3000 Unlimited-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Defrag 1.03-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Spy Sweeper-->C:\WINDOWS\unSpySweeper.exe
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The GIMP 2.2.17-->"C:\Program Files\GIMP-2.0\unins000.exe"
The Movies™-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Uplink Demo (remove only)-->C:\Program Files\Uplink Demo\Uninstall.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Hosts File======


======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\GTK\2.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=070a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip

-----------------EOF-----------------


****** KASPERSKY *******

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 21:57:06
Records in database: 1444669
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 84504
Threat name: 9
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 00:55:00


File name / Threat name / Threats count
C:\Documents and Settings\Akari\.housecall6.6\Quarantine\temp.fr8D3D.bac_a04304 Infected: Trojan-Downloader.Win32.PurityScan.co 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00C80000.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02380000.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02380001.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80000.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80001.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80002\49B900B8.VBN Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80003\49B900D0.VBN Infected: Trojan-Downloader.Win32.Zlob.ymu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80004\49B9011D.VBN Infected: Backdoor.Win32.TDSS.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80005\49B90125.VBN Infected: Trojan.Win32.Agent.arvz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80006\49B9012C.VBN Infected: Backdoor.Win32.TDSS.asz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80007\49B90134.VBN Infected: Backdoor.Win32.TDSS.atb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380001.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380002.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0001.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E080000.VBN Infected: Trojan.Win32.Inject.kyv 1
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Infected: Trojan.Win32.Agent.aslf 1

The selected area was scanned.


Thanks so much >_<

#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:07:19 AM

Posted 16 December 2008 - 10:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks, and again, sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 kiki_ferret

  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:19 PM

Posted 17 December 2008 - 01:42 AM

Oops, I guess I did forget the ComboFix log. I did do it though! :thumbsup:

ComboFix 08-12-05.02 - Akari 2008-12-05 18:49:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2528 [GMT -10:00]
Running from: c:\documents and settings\Akari\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Akari\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Akari\Application Data\ASEMBL~1
c:\documents and settings\Akari\Application Data\FNTS~1
c:\documents and settings\Akari\Application Data\RACLE~1
c:\documents and settings\Akari\Application Data\STEM~1
c:\documents and settings\Akari\Application Data\YMBOLS~1
c:\documents and settings\Akari\My Documents\CROSOF~1.NET
c:\documents and settings\Akari\My Documents\FNTS~1
c:\documents and settings\Akari\My Documents\ICROSO~1
c:\documents and settings\Akari\My Documents\ICROSO~1.NET
c:\documents and settings\Akari\My Documents\ICROSO~1.NET\nopdb.exe
c:\documents and settings\Akari\My Documents\ICROSO~1\?icrosoft\
c:\documents and settings\Akari\My Documents\TSKS~1
c:\program files\Common Files\{3004D~1
c:\program files\Common Files\{3004D~1\MyToolBar.dll
c:\program files\Common Files\crosof~1.net
c:\program files\Common Files\curity~1
c:\program files\Common Files\ppatch~1
c:\program files\Common Files\sembly~1
c:\program files\Common Files\stem32~1
c:\program files\crosof~1
c:\program files\mantec~1
c:\program files\ystem3~1
c:\temp\tn3
c:\windows\appatc~1
c:\windows\asks~1
c:\windows\system32\curity~1
c:\windows\system32\racle~1
c:\windows\system32\racle~2
c:\windows\system32\rtcqgkac.ini
c:\windows\system32\ymbols~1
c:\windows\system32\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-05 18:34 . 2008-12-05 18:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 18:34 . 2008-12-05 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 18:34 . 2008-12-05 18:34 <DIR> d-------- c:\documents and settings\Akari\Application Data\Malwarebytes
2008-12-05 18:34 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 18:34 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 18:09 . 2008-09-04 07:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-05 18:09 . 2008-10-24 01:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 18:09 . 2008-10-15 06:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 18:08 . 2008-08-14 00:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 18:08 . 2008-08-14 00:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 18:08 . 2008-08-13 23:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 18:08 . 2008-08-13 23:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 18:08 . 2008-09-15 02:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-05 18:08 . 2008-09-08 00:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-05 18:08 . 2008-08-14 00:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-05 18:07 . 2008-04-11 09:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 18:07 . 2008-05-01 04:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-05 18:07 . 2008-06-13 01:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-05 18:06 . 2008-05-08 04:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\system32\scripting
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\system32\en
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\system32\bits
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\l2schemas
2008-12-05 17:56 . 2008-12-05 17:56 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 17:54 . 2008-12-05 18:12 1,374 --a------ c:\windows\imsins.BAK
2008-12-05 17:49 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-05 17:32 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-05 17:32 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-05 17:32 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-05 17:32 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\documents and settings\Akari\Application Data\SUPERAntiSpyware.com
2008-12-04 23:09 . 2008-12-04 23:11 <DIR> d-------- c:\documents and settings\Administrator
2008-12-04 22:54 . 2008-12-04 22:54 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-04 22:54 . 2008-12-04 22:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-04 22:31 . 2008-12-04 22:31 <DIR> d-------- c:\program files\IObit
2008-12-04 22:25 . 2008-12-04 22:25 <DIR> d-------- c:\program files\CCleaner
2008-12-04 00:11 . 2008-12-04 00:11 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Talkback
2008-12-03 23:35 . 2008-12-03 23:42 1,133 --a------ c:\windows\wininit.ini
2008-12-03 23:29 . 2008-12-03 23:37 68,399 --a------ c:\windows\system32\sqkajzupsg.dll-uninst.exe
2008-12-03 23:29 . 2008-12-03 23:29 2 --a------ C:\1879365447
2008-12-03 23:13 . 2008-12-05 00:25 <DIR> d-------- c:\windows\system32\VC
2008-12-03 23:13 . 2008-12-05 08:13 <DIR> d-------- c:\windows\system32\uv9
2008-12-03 23:13 . 2008-12-05 00:21 <DIR> d-------- c:\windows\system32\ki3
2008-12-03 23:13 . 2008-12-03 23:13 <DIR> d-------- c:\windows\system32\bin
2008-12-03 23:13 . 2008-12-03 23:13 <DIR> d-------- c:\temp\DIV55
2008-12-03 23:13 . 2008-12-05 18:49 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 04:50 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-06 04:39 --------- d-----w c:\documents and settings\Akari\Application Data\Skype
2008-12-05 09:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-05 09:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 09:06 --------- d-----w c:\program files\TrojanHunter 4.6
2008-12-05 08:54 --------- d-----w c:\program files\Java
2008-12-04 09:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-22 19:31 --------- d-----w c:\documents and settings\Akari\Application Data\Uniblue
2008-11-17 00:25 --------- d-----w c:\documents and settings\Akari\Application Data\gtk-2.0
2008-11-14 05:44 --------- d-----w c:\program files\World of Warcraft
2008-11-12 07:21 --------- d-----w c:\documents and settings\Akari\Application Data\skypePM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 08:41 --------- d-----w c:\documents and settings\Akari\Application Data\uTorrent
2008-10-15 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-14 07:40 --------- d-----w c:\program files\Apex Fitness
2008-10-13 10:13 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-09-13 03:34 94,912 ----a-w c:\windows\bmfirmwareapex4.dll
2008-09-13 03:34 78,528 ----a-w c:\windows\bmcommapex4.dll
2008-09-13 03:34 2,671,296 ----a-w c:\windows\bmusbapex4.dll
2008-09-13 03:34 160,448 ----a-w c:\windows\bmupgradeapex24.dll
2008-09-13 03:34 156,352 ----a-w c:\windows\bmupgradeapex25.dll
2008-09-13 03:34 147,456 ----a-w c:\windows\bmapex.dll
2008-09-13 03:34 135,168 ----a-w c:\windows\bmupgradeapex.dll
2008-09-13 03:34 127,680 ----a-w c:\windows\bmserialapex25.dll
2008-09-13 03:34 123,584 ----a-w c:\windows\bmserialapex24.dll
2008-09-06 00:36 57,344 ----a-w c:\windows\bmversionapex.dll
2008-01-26 05:02 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cng"="c:\windows\A?pPatch\j?vaw.exe" [?]
"Tmuyssj"="c:\program files\Common Files\??pPatch\?serinit.exe" [?]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-10 111816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HostManager"="c:\program files\Common Files\AOL\1134461873\ee\AOLSoftware.exe" [2006-04-20 50792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kogmen.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\World of Warcraft\\WoW-1.5.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134461873\\ee\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134461873\\ee\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-12-04 99376]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2005-04-17 124608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6149d74f-dab0-11d9-a5bd-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-06-27 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{F5E433B2-6823-43D1-A1C1-0A7837C27C1D} - c:\windows\system32\qoMffGYo.dll
WebBrowser-{3679032A-E70C-4EA4-BDD2-90AC0B1B1D79} - (no file)
HKCU-Run-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
HKCU-Run-Aim6 - (no file)
Notify-efcBuUlM - efcBuUlM.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Akari\Application Data\Mozilla\Firefox\Profiles\1gh27rpu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 18:52:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-05 18:54:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 04:54:46

Pre-Run: 15,125,966,848 bytes free
Post-Run: 15,050,285,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

262

#4 kiki_ferret

  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:19 PM

Posted 17 December 2008 - 01:46 AM

Oops, and this is the new RSIT log.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Akari at 2008-12-16 20:44:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (21%) free of 71 GB
Total RAM: 3071 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:51 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1134461873\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Akari\Desktop\RSIT.exe
C:\Program Files\trend micro\Akari.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134461873\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228534338671
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kogmen.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6848 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"HostManager"=C:\Program Files\Common Files\AOL\1134461873\ee\AOLSoftware.exe [2006-04-20 50792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kogmen.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\World of Warcraft\WoW-1.5.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1134461873\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1134461873\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:xchat"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1134461873\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1134461873\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6149d74f-dab0-11d9-a5bd-806d6172696f}]
shell\AutoRun\command - D:\ASUSACPI.exe


======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-15 02:30:32 ----D---- C:\Program Files\MSECache
2008-12-08 17:51:51 ----D---- C:\rsit
2008-12-08 17:51:51 ----D---- C:\Program Files\trend micro
2008-12-05 18:59:29 ----SHD---- C:\RECYCLER
2008-12-05 18:54:50 ----A---- C:\ComboFix.txt
2008-12-05 18:47:44 ----A---- C:\Boot.bak
2008-12-05 18:47:39 ----RASHD---- C:\cmdcons
2008-12-05 18:46:49 ----A---- C:\WINDOWS\zip.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\VFIND.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\SWSC.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\SWREG.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\sed.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\grep.exe
2008-12-05 18:46:49 ----A---- C:\WINDOWS\fdsv.exe
2008-12-05 18:46:01 ----D---- C:\WINDOWS\ERDNT
2008-12-05 18:46:01 ----D---- C:\Qoobox
2008-12-05 18:34:11 ----D---- C:\Documents and Settings\Akari\Application Data\Malwarebytes
2008-12-05 18:34:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 18:34:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 18:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-05 18:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-05 18:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-05 18:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-05 18:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-05 18:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-05 18:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-05 18:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-05 18:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-05 18:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-05 18:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-05 18:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-05 18:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-05 18:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-05 18:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-05 18:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-05 18:10:36 ----D---- C:\WINDOWS\ie7updates
2008-12-05 18:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-05 18:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-05 18:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-05 18:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-05 18:01:01 ----D---- C:\WINDOWS\Prefetch
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\scripting
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\en
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\bits
2008-12-05 17:57:17 ----D---- C:\WINDOWS\l2schemas
2008-12-05 17:56:11 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-05 17:53:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-05 17:32:59 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-05 17:32:59 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-05 17:32:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-04 23:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 23:47:18 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-04 23:47:18 ----D---- C:\Documents and Settings\Akari\Application Data\SUPERAntiSpyware.com
2008-12-04 23:38:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\java.exe
2008-12-04 22:54:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-04 22:31:17 ----D---- C:\Program Files\IObit
2008-12-04 22:25:38 ----D---- C:\Program Files\CCleaner
2008-12-03 23:35:15 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 23:29:07 ----A---- C:\WINDOWS\system32\sqkajzupsg.dll-uninst.exe
2008-12-03 23:18:29 ----A---- C:\WINDOWS\system32\7b271396-.txt
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\VC
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\uv9
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\ki3
2008-12-03 23:13:14 ----D---- C:\WINDOWS\system32\bin
2008-12-03 23:13:12 ----D---- C:\Temp

======List of files/folders modified in the last 1 months======

2008-12-16 20:39:00 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 20:38:36 ----D---- C:\WINDOWS\Temp
2008-12-16 20:37:43 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-15 23:22:48 ----SHD---- C:\WINDOWS\Installer
2008-12-15 02:31:14 ----D---- C:\WINDOWS\WinSxS
2008-12-15 02:31:13 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 02:31:11 ----D---- C:\Program Files\Microsoft Office
2008-12-15 02:31:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-15 02:30:32 ----RD---- C:\Program Files
2008-12-05 20:13:17 ----D---- C:\Documents and Settings\Akari\Application Data\Skype
2008-12-05 20:09:07 ----SHD---- C:\System Volume Information
2008-12-05 20:09:07 ----D---- C:\WINDOWS\system32\Restore
2008-12-05 20:08:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 20:08:07 ----D---- C:\WINDOWS
2008-12-05 19:49:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 19:43:34 ----HD---- C:\WINDOWS\inf
2008-12-05 18:59:29 ----D---- C:\WINDOWS\Debug
2008-12-05 18:54:53 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 18:54:53 ----D---- C:\WINDOWS\system32
2008-12-05 18:52:22 ----A---- C:\WINDOWS\system.ini
2008-12-05 18:50:28 ----D---- C:\WINDOWS\system32\config
2008-12-05 18:50:11 ----D---- C:\Program Files\Common Files
2008-12-05 18:49:59 ----D---- C:\WINDOWS\AppPatch
2008-12-05 18:47:44 ----RASH---- C:\boot.ini
2008-12-05 18:36:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-05 18:14:41 ----D---- C:\Program Files\Internet Explorer
2008-12-05 18:13:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-05 18:12:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-05 18:10:46 ----D---- C:\Program Files\Messenger
2008-12-05 18:10:29 ----D---- C:\WINDOWS\Registration
2008-12-05 18:10:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-05 18:09:55 ----RSD---- C:\WINDOWS\assembly
2008-12-05 18:00:38 ----D---- C:\WINDOWS\system32\Setup
2008-12-05 18:00:38 ----D---- C:\Program Files\Windows Media Player
2008-12-05 18:00:37 ----D---- C:\WINDOWS\system32\wbem
2008-12-05 17:59:33 ----D---- C:\WINDOWS\security
2008-12-05 17:58:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-05 17:57:22 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-05 17:57:22 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 17:57:22 ----D---- C:\WINDOWS\ime
2008-12-05 17:57:22 ----D---- C:\WINDOWS\Help
2008-12-05 17:57:17 ----D---- C:\WINDOWS\system32\usmt
2008-12-05 17:57:17 ----D---- C:\WINDOWS\PeerNet
2008-12-05 17:57:17 ----D---- C:\Program Files\Movie Maker
2008-12-05 17:56:07 ----D---- C:\WINDOWS\system32\npp
2008-12-05 17:56:07 ----D---- C:\WINDOWS\mui
2008-12-05 17:56:06 ----D---- C:\WINDOWS\srchasst
2008-12-05 17:56:06 ----D---- C:\WINDOWS\msagent
2008-12-05 17:56:04 ----D---- C:\Program Files\NetMeeting
2008-12-05 17:56:03 ----D---- C:\WINDOWS\system32\Com
2008-12-05 17:56:02 ----D---- C:\Program Files\Windows NT
2008-12-05 17:56:02 ----D---- C:\Program Files\Outlook Express
2008-12-05 17:56:00 ----D---- C:\Program Files\Common Files\System
2008-12-05 17:55:50 ----D---- C:\WINDOWS\system32\oobe
2008-12-05 17:55:49 ----D---- C:\WINDOWS\system
2008-12-05 17:53:08 ----D---- C:\WINDOWS\ehome
2008-12-05 17:40:41 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-05 17:32:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-04 23:46:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-04 23:09:54 ----D---- C:\Documents and Settings
2008-12-04 23:06:05 ----D---- C:\Program Files\TrojanHunter 4.6
2008-12-04 22:56:15 ----A---- C:\WINDOWS\win.ini
2008-12-04 22:54:34 ----D---- C:\Program Files\Java
2008-12-04 22:26:08 ----D---- C:\WINDOWS\Minidump
2008-12-04 00:06:55 ----SD---- C:\WINDOWS\Tasks
2008-12-03 23:45:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 09:31:30 ----D---- C:\Documents and Settings\Akari\Application Data\Uniblue
2008-11-20 00:11:54 ----SD---- C:\Documents and Settings\Akari\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081216.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081216.003\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-18 189568]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-09-12 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-09-12 71488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-01-29 68096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]

-----------------EOF-----------------

#5 miekiemoes
  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 17 December 2008 - 03:19 AM

Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
c:\windows\Tasks\Uniblue SpeedUpMyPC.job
c:\windows\system32\sqkajzupsg.dll-uninst.exe
C:\1879365447
Folder::
c:\windows\system32\VC
c:\windows\system32\uv9
c:\windows\system32\ki3
c:\windows\system32\bin
c:\temp\DIV55
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViewMgr"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cng"=-
"Tmuyssj"=-


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Edited by miekiemoes, 17 December 2008 - 03:20 AM.


#6 kiki_ferret
  • Topic Starter
  • Members
  • 9 posts

Posted 17 December 2008 - 06:42 AM

I checked my add/remove programs but didn't see any viewpoint in there. I know I had it installed at one time, but I believe I deleted/uninstalled it before I posted those logs. Could it be files or something left behind after deletion?

I performed the ComboFix run and this is the log:

ComboFix 08-12-05.02 - Akari 2008-12-17 1:38:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2576 [GMT -10:00]
Running from: c:\documents and settings\Akari\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Akari\Desktop\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\1879365447
c:\windows\system32\sqkajzupsg.dll-uninst.exe
c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
c:\windows\Tasks\Uniblue SpeedUpMyPC.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1879365447
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\system32\bin
c:\windows\system32\ki3
c:\windows\system32\sqkajzupsg.dll-uninst.exe
c:\windows\system32\uv9
c:\windows\system32\VC
c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
c:\windows\Tasks\Uniblue SpeedUpMyPC.job

.
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.

2008-12-15 02:30 . 2008-12-15 02:30 <DIR> d-------- c:\program files\MSECache
2008-12-08 17:51 . 2008-12-16 20:46 <DIR> d-------- C:\rsit
2008-12-08 17:51 . 2008-12-16 20:44 <DIR> d-------- c:\program files\trend micro
2008-12-05 18:34 . 2008-12-05 18:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 18:34 . 2008-12-05 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 18:34 . 2008-12-05 18:34 <DIR> d-------- c:\documents and settings\Akari\Application Data\Malwarebytes
2008-12-05 18:34 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 18:34 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 18:09 . 2008-09-04 07:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-05 18:09 . 2008-10-24 01:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 18:09 . 2008-10-15 06:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 18:08 . 2008-08-14 00:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 18:08 . 2008-08-14 00:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 18:08 . 2008-08-13 23:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 18:08 . 2008-08-13 23:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 18:08 . 2008-09-15 02:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-05 18:08 . 2008-09-08 00:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-05 18:08 . 2008-08-14 00:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-05 18:07 . 2008-04-11 09:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 18:07 . 2008-05-01 04:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-05 18:07 . 2008-06-13 01:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-05 18:06 . 2008-05-08 04:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\system32\scripting
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\system32\en
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\system32\bits
2008-12-05 17:57 . 2008-12-05 17:57 <DIR> d-------- c:\windows\l2schemas
2008-12-05 17:56 . 2008-12-05 17:56 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 17:49 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-05 17:32 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-05 17:32 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-05 17:32 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-05 17:32 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-04 23:47 . 2008-12-05 19:01 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\documents and settings\Akari\Application Data\SUPERAntiSpyware.com
2008-12-04 23:09 . 2008-12-04 23:11 <DIR> d-------- c:\documents and settings\Administrator
2008-12-04 22:54 . 2008-12-04 22:54 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-04 22:54 . 2008-12-04 22:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-04 22:31 . 2008-12-04 22:31 <DIR> d-------- c:\program files\IObit
2008-12-04 22:25 . 2008-12-04 22:25 <DIR> d-------- c:\program files\CCleaner
2008-12-04 00:11 . 2008-12-04 00:11 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Talkback
2008-12-03 23:35 . 2008-12-03 23:42 1,133 --a------ c:\windows\wininit.ini
2008-12-03 23:13 . 2008-12-17 01:38 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 07:46 --------- d-----w c:\program files\World of Warcraft
2008-12-17 06:37 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-06 06:13 --------- d-----w c:\documents and settings\Akari\Application Data\Skype
2008-12-06 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 09:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-05 09:06 --------- d-----w c:\program files\TrojanHunter 4.6
2008-12-05 08:54 --------- d-----w c:\program files\Java
2008-12-04 09:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-22 19:31 --------- d-----w c:\documents and settings\Akari\Application Data\Uniblue
2008-11-17 00:25 --------- d-----w c:\documents and settings\Akari\Application Data\gtk-2.0
2008-11-12 07:21 --------- d-----w c:\documents and settings\Akari\Application Data\skypePM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 08:41 --------- d-----w c:\documents and settings\Akari\Application Data\uTorrent
2008-10-17 00:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-17 00:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-17 00:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-17 00:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-17 00:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-17 00:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-17 00:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-17 00:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-01-26 05:02 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-05_18.54.28.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-15 12:31:16 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-12-06 04:14:44 195,368 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-16 05:23:37 214,472 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-17 06:36:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_174.dat
+ 2005-09-23 09:48:08 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 09:48:08 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 09:48:06 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HostManager"="c:\program files\Common Files\AOL\1134461873\ee\AOLSoftware.exe" [2006-04-20 50792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\World of Warcraft\\WoW-1.5.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134461873\\ee\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134461873\\ee\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6149d74f-dab0-11d9-a5bd-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Akari\Application Data\Mozilla\Firefox\Profiles\1gh27rpu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 01:38:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\NTMARTA.DLL
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
Completion time: 2008-12-17 1:39:19
ComboFix-quarantined-files.txt 2008-12-17 11:39:13
ComboFix2.txt 2008-12-06 04:54:50

Pre-Run: 15,391,100,928 bytes free
Post-Run: 15,432,065,024 bytes free


Edited by kiki_ferret, 17 December 2008 - 06:47 AM.


#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 December 2008 - 06:54 AM

Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

#8 kiki_ferret

kiki_ferret
  • Topic Starter

  • Members
  • 9 posts

Posted 17 December 2008 - 10:59 PM

I like seeing hidden files and extensions, so after I uninstalled ComboFix I put them back :) I don't do anything with them though, I'm just used to seeing them.

I tried googling stuff, and it still seems to go through some sort of redirector. It doesn't redirect all the time, but I can see it analyze what I clicked. It has the name goougly in it.

:thumbsup:

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 18 December 2008 - 01:09 AM

Hi,

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

#10 kiki_ferret

kiki_ferret
  • Topic Starter

  • Members
  • 9 posts

Posted 18 December 2008 - 01:19 AM

Here we go :thumbsup:

GooredFix v1.4 by jpshortstuff
Log created at 20:19 on 17/12/2008 running Option #1

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1D80948A-4857-4950-A036-6C2535A20A32}"="C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}"

1gh27rpu.default: Extension1=C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}


C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}


=====List of possible loading points=====

1gh27rpu.default: Extension3=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

1gh27rpu.default: Extension2=C:\PROGRA~1\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

1gh27rpu.default: Extension1=C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}

1gh27rpu.default: Extension0=C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org


=====List of possible folders=====

C:\Documents and Settings\Akari\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142040}
C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}

=====List of possible registry values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.19\extensions]
"Plugins"="C:\PROGRA~1\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.19\extensions]
"Components"="C:\PROGRA~1\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1D80948A-4857-4950-A036-6C2535A20A32}"="C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}"
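The triage the helper performs on this log, as an added example that is neither GooredFix's code nor anything posted in the thread: it parses the "loading points" and "registry values" sections and flags the two entries the fix then removed. The sample log is constructed from the entries above; the heuristics (a machine-wide HKLM registration pointing into Local Settings\Application Data, a bare-GUID extension folder in a user-writable location) are my own, not GooredFix's.

```python
"""Triage a GooredFix "Option #1" log for Goored-style Firefox loading points.

Added example for this thread, not code from GooredFix or from either poster. The
heuristic is mine: legitimate extensions here carry an id such as jqs@sun.com and live
in Program Files, whereas the redirector was registered machine-wide (HKLM) under a
bare GUID whose folder sits in the user's Local Settings\\Application Data.
"""
import re

# Constructed from the loading points and registry values posted in the thread.
SAMPLE_LOG = r"""
=====List of possible loading points=====
1gh27rpu.default: Extension3=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
1gh27rpu.default: Extension1=C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}
1gh27rpu.default: Extension0=C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org
=====List of possible registry values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1D80948A-4857-4950-A036-6C2535A20A32}"="C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}"
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Per-user, user-writable folders a machine-wide extension registration should never point into.
USER_WRITABLE = ("\\local settings\\application data\\", "\\local settings\\temp\\")

def parse_entries(log_text):
    """Return (kind, name, path) tuples; kind is 'profile' or the registry hive name."""
    entries, hive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^\[(HKEY_[A-Z_]+)\\", line)
        if m:                                   # e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\...]
            hive = m.group(1)
            continue
        m = re.match(r"^\S+: (Extension\d+)=(.+)$", line)
        if m:                                   # profile loading point: ExtensionN=<folder>
            entries.append(("profile", m.group(1), m.group(2)))
            continue
        m = re.match(r'^"([^"]+)"="([^"]+)"$', line)
        if m and hive:                          # "<extension id>"="<folder>" under the current hive
            entries.append((hive, m.group(1), m.group(2)))
    return entries

def suspect_reason(kind, name, path):
    """Explain why an entry looks like the redirector's loading point, or return None."""
    lowered = path.lower()
    if not any(marker in lowered for marker in USER_WRITABLE):
        return None  # Program Files, the Firefox install dir or the profile itself
    if kind == "HKEY_LOCAL_MACHINE":
        return "machine-wide registration points into a per-user folder"
    folder = path.rstrip("\\").rsplit("\\", 1)[-1]
    if GUID_RE.match(folder):
        return "extension folder named by a bare GUID in a user-writable location"
    return "extension loaded from a user-writable location"

def triage(log_text):
    """Return [(kind, name, path, reason)] for every suspect entry, in log order."""
    flagged = []
    for kind, name, path in parse_entries(log_text):
        reason = suspect_reason(kind, name, path)
        if reason:
            flagged.append((kind, name, path, reason))
    return flagged

if __name__ == "__main__":
    for kind, name, path, reason in triage(SAMPLE_LOG):
        print(f"SUSPECT [{kind}] {name}: {reason}\n    {path}")
```

Run against a real Goored.txt, it should flag exactly the entries GooredFix's Option #2 later reports under "Goored Deletions" and nothing from Program Files or the Firefox install directory.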

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 18 December 2008 - 01:25 AM

Hi,

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

#12 kiki_ferret

kiki_ferret
  • Topic Starter

  • Members
  • 9 posts

Posted 18 December 2008 - 01:32 AM

OK, here's what I got :thumbsup:

GooredFix v1.4 by jpshortstuff
Log created at 20:31 on 17/12/2008 running Option #2

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1D80948A-4857-4950-A036-6C2535A20A32}"="C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}"
->Deleting value... Done.

1gh27rpu.default: Extension1=C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}

->Removing loadpoint... Done.

C:\Documents and Settings\Akari\Local Settings\Application Data\{1D80948A-4857-4950-A036-6C2535A20A32}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.


=====Suspect Goored Entries=====


=====List of possible loading points=====

1gh27rpu.default: Extension3=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

1gh27rpu.default: Extension2=C:\PROGRA~1\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

1gh27rpu.default: Extension0=C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org


=====List of possible folders=====

C:\Documents and Settings\Akari\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142040}

=====List of possible registry values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.19\extensions]
"Plugins"="C:\PROGRA~1\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.19\extensions]
"Components"="C:\PROGRA~1\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 18 December 2008 - 01:54 AM

Hi,

This looks OK again.

Redirections gone?

#14 kiki_ferret

kiki_ferret
  • Topic Starter

  • Members
  • 9 posts

Posted 18 December 2008 - 01:57 AM

Yes! Aw man :thumbsup: thank you so much!

*hugs*

*cheer*

#15 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 18 December 2008 - 01:57 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!



